Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia

· Published 10/12/2024 14:55 · Modified 10/12/2024 15:03

Essential information

Tags
2024-12-10 android rat whatsapp
Related entities
5 observables, 7 techniques (mitre), 1 malware

Description

An unknown threat actor has deployed a malicious sample targeting high-value assets in Southern Asia. The malware, generated using the SpyNote Remote Administration Tool, was delivered via in multiple attempts. The payload, concealed and operating in the background, exhibits various capabilities including location tracking, contact access, camera control, SMS reading, and file system interaction. The malware also attempts to enable accessibility settings for enhanced control. Analysis reveals obfuscated code and permissions that allow extensive monitoring and data extraction. The attack's sophistication suggests possible involvement of an APT group, though the specific actor remains unidentified. This incident highlights the ongoing use of SpyNote variants in targeted attacks against critical sectors and individuals.

External references